Crypto experts slam Drift Protocol after months-long hack drains $280M, raising concerns about security failures and oversight.
The incident has triggered sharp criticism from legal and security professionals. The breach wiped out hundreds of millions within minutes and exposed weaknesses in operational safeguards.
A crypto attorney has accused the platform of negligence and poor risk management. The attack also forced the protocol to halt key services while investigations continue.
Legal criticism targets security failures
Crypto attorney Ariel Givner said Drift Protocol failed to follow basic security practices. She argued the team did not separate development systems from critical financial controls. This, she noted, created a direct pathway for attackers.
Givner also claimed the protocol ignored standard protections such as air-gapped signing devices. According to her, sensitive multisig controls were handled on devices exposed to everyday use. She said some of these devices were used to download unverified software.
She further criticized staff behavior during industry events and online interactions. She said team members engaged with unknown individuals over months without proper verification. Givner warned that such actions are widely known risks in the crypto sector.
The attorney also questioned the platform’s response after the incident. She said users deserve clear compensation plans rather than vague explanations. She added that legal action may follow if affected users are not reimbursed.
Coordinated social engineering attack revealed
Drift Protocol stated that the exploit was not a simple technical flaw. The team described it as a coordinated social engineering campaign that began in late 2025. Attackers reportedly posed as a legitimate trading firm and built trust over time.
According to the protocol, the group attended conferences and maintained contact with contributors. They shared credible profiles and demonstrated technical knowledge. This helped them gain the confidence of key participants.
The attackers even deposited over $1 million into the platform. This move helped establish legitimacy and reduce suspicion. The team said the group also proposed ideas around trading strategies and vault integrations.
As the operation progressed, attackers distributed compromised tools and applications. One contributor downloaded a malicious repository disguised as a deployment tool. Another installed a fake wallet app through TestFlight.
The protocol also identified vulnerabilities linked to developer tools such as VS Code and Cursor. These weaknesses contributed to the breach and allowed access to critical systems.
Massive losses and ongoing investigation
The exploit unfolded rapidly and drained assets in just 12 minutes. A total of 31 transactions were used to extract funds. The losses included large amounts of USDC, WETH, USDT, and several ecosystem tokens.
Security firm PeckShield was among the first to flag the suspicious activity. Reports indicate that a large portion of the stolen funds was converted into USDC. This made tracking and recovery more challenging.
Blockchain investigator ZachXBT linked the attack to North Korean cyber actors associated with the Lazarus Group. He said the group often uses intermediaries and long-term infiltration tactics. Drift Protocol, however, suggested the individuals seen at events were likely hired proxies.
The platform has suspended deposits and withdrawals. It has also removed compromised wallets from its multisig structure. The team is working with cybersecurity firm Mandiant to investigate the incident.

